Bug #7725
open
decode/ipv4: missing ip-in-ip case handling
Added by Juliana Fajardini Reichow 9 days ago.
Updated 2 days ago.
Description
A flow with IPv4 IP in IP traffic won't handle this tunneling case properly.
This leads to potential malicious traffic not triggering alerts, as well as other
inaccuracies in the logs.
Check if this case is also missing in other scenarios.
Waiting to see if the pcap shared can be added to a public SV test.
Related issues
1 (1 open — 0 closed)
- Label deleted (
Needs backport to 7.0)
- Description updated (diff)
Attempt at a fix shared on GL.
- Status changed from New to In Progress
- Assignee changed from OISF Dev to Juliana Fajardini Reichow
- Status changed from In Progress to In Review
- Private changed from Yes to No
- Related to Bug #4571: Unable to trigger rule by content in case of IPv4 in IPv4 incapsulation added
- Status changed from In Review to Resolved
Also available in: Atom
PDF